Total
97 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2743 | 3 Mozilla, Novell, Oracle | 6 Firefox, Firefox Esr, Suse Linux Enterprise Desktop and 3 more | 2016-12-27 | 7.5 HIGH | N/A |
| PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass. | |||||
| CVE-2015-2740 | 5 Canonical, Debian, Mozilla and 2 more | 9 Ubuntu Linux, Debian Linux, Firefox and 6 more | 2016-12-27 | 10.0 HIGH | N/A |
| Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspecified other impact via unknown vectors. | |||||
| CVE-2015-2739 | 5 Canonical, Debian, Mozilla and 2 more | 9 Ubuntu Linux, Debian Linux, Firefox and 6 more | 2016-12-27 | 10.0 HIGH | N/A |
| The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has unspecified impact and attack vectors. | |||||
| CVE-2015-2736 | 5 Canonical, Debian, Mozilla and 2 more | 9 Ubuntu Linux, Debian Linux, Firefox and 6 more | 2016-12-27 | 9.3 HIGH | N/A |
| The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive. | |||||
| CVE-2015-2735 | 5 Canonical, Debian, Mozilla and 2 more | 9 Ubuntu Linux, Debian Linux, Firefox and 6 more | 2016-12-27 | 9.3 HIGH | N/A |
| nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive. | |||||
| CVE-2015-2733 | 3 Mozilla, Novell, Oracle | 5 Firefox, Firefox Esr, Suse Linux Enterprise Desktop and 2 more | 2016-12-27 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker. | |||||
| CVE-2015-2730 | 4 Debian, Mozilla, Novell and 1 more | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2016-12-27 | 4.3 MEDIUM | N/A |
| Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors. | |||||
| CVE-2015-2728 | 3 Mozilla, Novell, Oracle | 5 Firefox, Firefox Esr, Suse Linux Enterprise Desktop and 2 more | 2016-12-27 | 7.5 HIGH | N/A |
| The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors, related to a "type confusion" issue. | |||||
| CVE-2015-8816 | 2 Linux, Novell | 9 Linux Kernel, Suse Linux Enterprise Debuginfo, Suse Linux Enterprise Desktop and 6 more | 2016-12-02 | 7.2 HIGH | 6.8 MEDIUM |
| The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device. | |||||
| CVE-2016-3137 | 3 Canonical, Linux, Novell | 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 7 more | 2016-11-30 | 4.9 MEDIUM | 4.6 MEDIUM |
| drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions. | |||||
| CVE-2016-3138 | 3 Canonical, Linux, Novell | 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 7 more | 2016-11-30 | 4.9 MEDIUM | 4.6 MEDIUM |
| The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor. | |||||
| CVE-2016-2185 | 3 Canonical, Linux, Novell | 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 7 more | 2016-11-30 | 4.9 MEDIUM | 4.6 MEDIUM |
| The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. | |||||
| CVE-2016-2186 | 3 Canonical, Linux, Novell | 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 7 more | 2016-11-30 | 4.9 MEDIUM | 4.6 MEDIUM |
| The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. | |||||
| CVE-2016-4482 | 4 Canonical, Fedoraproject, Linux and 1 more | 11 Ubuntu Linux, Fedora, Linux Kernel and 8 more | 2016-11-28 | 2.1 LOW | 6.2 MEDIUM |
| The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. | |||||
| CVE-2016-4485 | 3 Canonical, Linux, Novell | 5 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 2 more | 2016-11-28 | 5.0 MEDIUM | 7.5 HIGH |
| The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message. | |||||
| CVE-2016-2187 | 3 Canonical, Linux, Novell | 5 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 2 more | 2016-11-28 | 4.9 MEDIUM | 4.6 MEDIUM |
| The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor. | |||||
| CVE-2009-2707 | 1 Novell | 1 Suse Linux Enterprise Server | 2009-09-18 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in ia32el (aka the IA 32 emulation functionality) before 7042_7022-0.4.2 in SUSE Linux Enterprise (SLE) 10 SP2 on Itanium IA64 machines allows local users to cause a denial of service (system crash) via a 32-bit x86 application. | |||||